3 INTRODUCTION To address challenges associated with today s mission-critical enterprise application deployments, Brocade, and Microsoft have validated the solution documented in this guide. The guide provides a reference architecture and instructions for the implementation of the Brocade ServerIron ADX Series switches with Microsoft Exchange Server This solution optimizes application availability, performance, and security and decreases application Total Cost of Ownership (TCO). In order to use this guide, you should: Perform all of the configuration procedures on the Brocade ServerIron ADX. Be familiar with both Brocade ServerIron ADX and Microsoft Exchange Server Refer to the product documentation for both products. Have the Brocade ServerIron ADX installed in your network. Have a general understanding of how the Brocade ServerIron ADX functions. Microsoft Enterprise Engineering Center Brocade and Microsoft cooperated in all phases of the solution development, including lab setup at the Microsoft Enterprise Engineering Center (EEC), located at the Microsoft corporate campus in Redmond, solution functionality, and performance testing. Brocade and Microsoft jointly validated that the lab setup and solution testing represents best efforts in creating a realistic customer deployment environment and accurate documentation of the deployment. The EEC is a state-of-the-art proving ground for the world s most complex computing environments. With over $75 million invested in hardware and networking equipment from the industry s top manufacturers, the EEC can replicate virtually any production environment. Many of Microsoft s most important customers come to the EEC to get a clear view of how pre-release Microsoft products will perform in their own environments prior to actually deploying the solution. In addition, customers can influence the quality of the final release by reporting issues to Microsoft, which reduces uncertainty and can lower their deployment costs. The EEC can tackle the most complex re-creations of real-world enterprise production environments. About the Testing A number of tests were performed at the Microsoft EEC to validate the solution described in this guide. Affinity was tested using the LB-generated cookies and Source IP port persistence for all the Exchange Server 2010 protocols (OWA, ECP, MAPI/RPC, EAS, OAB, EWS, and Autodiscover). CAS servers were used to validate that the traffic was sent to the correct CAS server. Note that the Exchange Server 2010 load tester ran 6,000 simulated users against the Brocade ServerIron ADX, which placed load of approximately 8% on the Brocade ServerIron ADX. For More Information For more information on the Brocade ServerIron ADX, visit: For information about Brocade offerings supporting Microsoft Exchange, visit: For information on Brocade Education offerings, visit: For more information on Microsoft Exchange Server 2010, visit: For more information on the Microsoft EEC, visit: Deploying the Brocade ServerIron ADX with Microsoft Exchange Server of 27

4 OVERVIEW The joint solution offers optimized Exchange Server 2010 application availability, performance, security, and costs by providing application optimization services from the Brocade ServerIron ADX. Microsoft Exchange Server 2010 Microsoft Exchange Server 2010 is the server side of a client server, collaborative application product developed by Microsoft as part of the Microsoft Server product for Microsoft infrastructure solutions. Exchange Server 2010 includes , calendar, contacts and tasks, support for mobile and Web-based access to information, and support for data storage. Exchange Server 2010 provides users with the flexibility to tailor deployment to their unique needs and a simplified way to help keep continuously available. This flexibility and simplified availability comes from innovations to the core Exchange Server 2010 platform and delivers advances in performance, scalability, and reliability, while lowering the TCO. Microsoft Exchange Server 2010 deployments can leverage Brocade ServerIron ADX Series load balancing technologies for performance, affinity, scalability, high availability, and security. Without hardware load balancing, as organizations scale, a single server running Exchange Server 2010 may hit the upper limits of its processing capacity. Use of a Brocade ServerIron ADX Series switch optimizes traffic distribution to all available servers to ensure that switches consider server availability, load, response time, and other userconfigured performance metrics when selecting a server for incoming client connections. Communications is such a key enabler of business that any downtime for applications can adversely impact revenue and productivity. Microsoft Exchange Server 2010 comprises the following server roles in a three-tier architecture: Clients Client Access Server (CAS) servers Mailbox (MBX) database servers Additional server roles include: Unified Messaging Server, which connects a Private Branch exchange (PBX) system to Exchange 2010 Hub Transport Server, the mail routing server that routes mail within the Exchange organization Edge Transport Server, the mail routing server that typically sits at the perimeter of the topology and routes mail in to and out of the Exchange organization Brocade ServerIron ADX The Brocade ServerIron ADX, a Layer 4 7 application delivery switch, provides application availability, performance, security, and affinity capabilities for application infrastructure such as Exchange 2010, as described in the following sections. Application Availability Server and application health checks. Continuously monitors the health of the application availability. Server load balancing. Efficiently routes the end user and Web services request to the best available server dependent on the load balancing scheme being utilized. Network platform health monitoring. Ensures continuity of business operations through mirroring end user transactions across a redundant Brocade ServerIron ADX network. Deploying the Brocade ServerIron ADX with Microsoft Exchange Server of 27

5 Application Performance Server load balancing. The Brocade ServerIron ADX balances the traffic load between the real servers based on a predictor used for optimal resource utilization, maximum throughput, and minimum response time. Server health monitoring. The Brocade ServerIron ADX performs health checks on the real servers to ensure that traffic is not forwarded to a real server that has failed or is not responsive. Application Security SSL Proxy. Secure Socket Layer (SSL) Proxy is the most secure configuration option available, allowing for end-to-end SSL encryption. It is also more complex as it requires keys and certificates on the Brocade ServerIron ADX, as well as on each real server.ssl Proxy allows the Brocade ServerIron ADX to decrypt HTTPS traffic, run complex HTTP Content Switching Rules (CSW rules), re-encrypt the traffic, and forward it to the appropriate server. The CSW feature makes sure that existing user sessions are forwarded to the same server to which the session was initially connected. End user access control. Provides Access Control Lists (ACLs) to protect the client-to-server traffic from worms and intruders, which attack vulnerable open server ports not being used by the application. SYN attack protection. Provides protection to back-end servers from SYN attacks. SYN attacks can exhaust back-end server resources by opening a vast number of partial TCP connections. Application Affinity Options CWS Rules. Affinity is handled by the CSW rules, which look at the cookie and determine whether it is a new cookie from a new session or an existing cookie generated by the Brocade ServerIron ADX. The new cookie is stripped from the packet and replaced with a load balancer cookie that has a server ID (server-id) attached to it. The server ID ensures that all traffic from that session is now forwarded to the same server. Source IP Port Persistence. Source IP Port Persistence provides a persistent hashing mechanism for virtual server ports, which evenly distributes hash assignments and enables a client to always be redirected to the same real server. Source IP Port Persistence, which functions at Layer 4, can be applied to non-http traffic for which cookies are not part of the protocol specification and other HTTP traffic as long as no other persistence mechanism is applied on the same port. SOLUTION ARCHITECTURE The solution architecture used for the Brocade ServerIron ADX with Microsoft Exchange Server 2010 is shown in Figure 1. The ports used by Exchange services are: HTTP (Port 80) and HTTPS (Port 443) HTTP and HTTPS are used for several Microsoft Exchange Servers: Outlook Web Access (OWA) Outlook Anywhere (OA) (MAPI tunneled over HTTPS) Exchange ActiveSync for mobile devices (EAS) Exchange Control Panel (ECP) Exchange Web Services (EWS) Autodiscover (AUDI) Offline address book distribution Deploying the Brocade ServerIron ADX with Microsoft Exchange Server of 27

6 NOTE: Microsoft recommends using HTTPS. RPC/MAPI (Port 135) Microsoft Remote Procedure Call (RPC) defines a powerful technology for creating distributed client/server programs. The RPC run-time stubs and libraries manage most of the processes relating to network protocols and communication. TCP Ports and As with Remote Procedure Call (RPC) applications, the end-point TCP port numbers for these services are allocated by the RPC end-point mapper when the services are started. This means that a large range of destination ports may need to be configured for load balancing without the ability to specifically target traffic for these services based on port number. It is possible to statically map these services to specific port numbers in order to simplify load balancing. If the ports for these services are statically mapped, then the traffic for these services will be restricted to port 135 (used by the RPC port mapper) and the two specific ports that have been selected for these services. In this configuration TCP ports and were statically mapped. Note that these values can be changed manually. Refer to the Microsoft Knowledge Base for details on mapping the static ports ( ). L2 switch Outlook clients Brocade ServerIron ADX L2 switch Active Directory CAS 1 MBX 1 SQL Server database cluster CAS 2 MBX 2 CAS 3 MBX 3 MBX4 Figure 1. Brocade ServerIron ADX load balancer with the Exchange Server 2010 Application and Application Networking Architecture In this solution, the Brocade ServerIron ADX ensures affinity and load balances traffic going to the server farm. The Brocade ServerIron ADX use SSL proxy to decrypt incoming traffic, apply CSW rules, and reencrypt traffic back to the server farm. Note that Microsoft recommends the use of HTTPS for user traffic. Deploying the Brocade ServerIron ADX with Microsoft Exchange Server of 27

7 Brocade ServerIron ADX Networking Architecture The Brocade ServerIron ADX provides the following features: Session persistence. Session persistence is the ability to forward client requests to the same server for the duration of a session. Content Switching Rules (CSW). Layer 7 switching allows the Brocade ServerIron ADX to make forwarding decisions about HTTP traffic using information in a URL, cookie, or SSL session ID. SSLProxy. In full SSL proxy mode, the ServerIron ADX maintains encrypted data channels with the client and the server. This mode provides additional security without incurring SSL hardware acceleration cost on the server. SSL proxy provides visibility to application traffic for Layer 7 processing and security. Health monitoring. Health monitoring is used to track the state of the server and determine its ability to process connections in the server farm. Brocade ServerIron ADX provides load balancing of the traffic to the server farm using Round Robin, Least Local Connections, Dynamic Weighted Predictor, and so on (for more about these methods, see the Brocade ServerIron ADX product documentation). Since the solution uses source IP port persistence on the Virtual IP (VIP), the Round Robin predictor for VIP is automatically enabled and used to evenly distribute hash assignments. After you enter the port <port> persist-hash command, the predictor round-robin command automatically appears under the virtual server entry in the configuration file. Active/Hot Standby redundancy uses a dedicated link between the Brocade ServerIron ADX switches, which transmits flow-state information, configuration synchronization information, and the redundancy heartbeat. Server Architecture The server architecture consists of three CAS servers, four MBX servers, two Outlook clients, and one Hyper- V server: The three CAS servers are load balanced by the Brocade ServerIron ADX and each has the hardware and software configuration shown in the table below. Server Name Software Speed Sockets Core Memory CAS (Client Access Server) Windows Server 2008 R2 Enterprise 2.66 Ghz GB MBX (Mailbox Server) Windows Server 2008 R2 Enterprise 3.00 Ghz Gb Outlook Clients Windows Server 2008 R2 Enterprise 2.66 Ghz GB NOTE: The MBX database and Active Directory server are not load balanced. IMPLEMENTING AND CONFIGURING THE BROCADE SERVERIRON ADX The Brocade ServerIron ADX used in this solution is deployed in an Active/Hot standby mode and is connected to two Layer 2 switches. Key features implemented on the Brocade ServerIron ADX to support this deployment are: Layer 4 load balancing Layer 7 load balancing Source IP port persistence SSL Proxy Deploying the Brocade ServerIron ADX with Microsoft Exchange Server of 27

8 Server health monitoring Connection replication for stateful (or state-aware) failover Affinity Affinity is the ability to associate a client to a specific Client Access Server (CAS) to ensure that all requests sent from that client go to the same CAS. The following load balancing methods support affinity on the Brocade ServerIron ADX: Load Balancer (LB)-created cookie SSL session ID Source IP NOTE: LB-created cookie (since the incoming traffic is SSL, an SSL proxy must be used) can be used with source IP, and SSL session ID can also be used with source IP (SSL), but all three cannot be used together. One of these methods must be used since Exchange recommends using HTTPS instead of HTTP. Brocade recommends using LB- created cookie and source IP port persistence. SSL session ID affinity is not recommended, as some browsers renegotiate new SSL session IDs every few minutes thus breaking the affinity. LB-Created Cookie This method is very reliable for tying a client session to a Client Access Server. The load balancer inserts a cookie into the client-server protocol that is associated with a CAS server. The session continues to forward traffic to the same CAS server until the session is over. The LB-created cookie method is supported for OWA and ECP protocols that run on top of HTTP in Microsoft Exchange 2010, but has these limitations: Not supported for RPC, Exchange Address Book Service, POP, and IMAP The load balancer needs to have the ability to read and interpret the HTTP stream. When using SSL, the load balancer must decrypt the traffic to examine content. To use this method, the client must support receiving arbitrary cookies from the server and then including them in all future requests to the server. Note that this capability is unsupported in: Exchange ActiveSync clients, Outlook Anywhere (OA) (not supported in any version of Outlook up to and including Outlook 2010), and some Exchange Web Services clients. However, Outlook Web Access (OWA), Exchange Control Panel (ECP), and remote PowerShell Exchange 2010 protocols are supported. Source IP Port Persistence In this method, the LB looks at a client IP address and sends all traffic from a certain source/client IP to a given CAS. Cookie persistence is recommended for workloads where it is supported; but if source IP persistence is necessary for those workloads, it can still be used. However, the source IP method has two limitations: Whenever the IP address of the client changes, the affinity is lost. However, the user impact is acceptable as long as this occurs infrequently. Having a large number of clients from the same IP address leads to uneven distribution. Distribution of traffic among the CAS machines then depends on how many clients are arriving from a given IP address. Two things that can cause a lot of clients to arrive from the same IP address are: Network Address Translators (NATs) or outgoing proxy servers (for example, Microsoft Forefront Threat Management Gateway, or TMG). In this case the original client IP addresses are masked by the NAT or outgoing proxy server IP addresses. Deploying the Brocade ServerIron ADX with Microsoft Exchange Server of 27

9 CAS-to-CAS proxy traffic. One CAS machine can proxy traffic to another CAS machine, typically between Active Directory (AD) sites, as most Exchange 2010 traffic needs to be handled by either a CAS in the same AD site as the mailbox being accessed or a CAS with the same major version as the mailbox being accessed. BROCADE SERVERIRON ADX CONFIGURATION The following are the high-level steps required to deploy the Brocade ServerIron ADX with Exchange Server 2010: Configure Layer 2 Active/Hot standby redundancy Configure SSL profiles Configure CSW rules Configure CSW policy Configure the server farm (real servers) Configure the VIP and bind the real servers to the VIP Configure load balancing: Round Robin Configure SSL Configuration Prerequisites The following prerequisites are required to deploy the solution: Working knowledge of installing and deploying the Exchange Server 2010 Experience with basic networking and troubleshooting Experience installing and deploying the Brocade ServerIron ADX Working knowledge of the Brocade ServerIron ADX Command-Line Interface (CLI) Brocade ServerIron ADX running software version 12.1 or later Brocade ServerIron ADX TrafficWorks Graphic User Interface (GUI, supported in the Brocade ServerIron ADX version 12.1 or later) NOTE: Not all steps can be completed using the GUI. Managing the Brocade ServerIron ADX via the CLI 1. At the opening CLI prompt, enter: ServerIron> enable 2. Access the configuration level of the CLI, enter: ServerIron# configure terminal ServerIron (config)# 3. To assign an IP address to the ServerIron, enter: ServerIron (config)# ip add To assign a default gateway, enter: ServerIron (config)# ip default-gateway Additional commands: ServerIron (config)# hostname SP1 ServerIron (config)# enable super-user-password foundry Deploying the Brocade ServerIron ADX with Microsoft Exchange Server of 27

10 ServerIron (config)# no enable aaa console ServerIron (config)# telnet server ServerIron (config)# username SP1 nopassword NOTE: It is recommended that a semi-secure password be used. 5. To exit from the configuration level of the CLI, enter: SP1 (config)# end To save the configuration to NVRAM, enter: SP1# write memory Managing the Brocade ServerIron ADX via the GUI To access the Brocade ServerIron ADX using the GUI, perform the steps listed above and complete the following procedure. Connecting the Brocade ServerIron ADX to the Network 1. Connect the ServerIron to your network infrastructure. 2. Check to see if ping access to the ServerIron IP address is working. 3. Open a browser (MS Internet Explorer or FireFox) window. 4. Type the ServerIron IP address into the browser window and press Enter. The Login window is displayed. 5. Click the HTTP button to display the user name and password dialog box. Deploying the Brocade ServerIron ADX with Microsoft Exchange Server of 27

11 NOTE: The default user name and password are admin and brocade respectively. For greater security, you should change the password. 6. Enter the user name and password and click OK. The home page for the ServerIron Web interface is displayed. Configuring Layer 2 Active/Hot Standby Redundancy In this deployment with the Microsoft Exchange Server 2010, the Brocade ServerIron ADX was configured as active/hot standby, in which both ServerIron ADX switches share the same VIP and configuration (with the exception of the management IP address). In a typical hot standby configuration, one ServerIron ADX is the active device and performs all the Layer 2 switching and Layer 4 Server Load Balancing (SLB) switching, while the other ServerIron ADX monitors switching activities and remains in a hot standby role. If the active ServerIron ADX becomes unavailable, the standby ServerIron ADX immediately assumes the unavailable ServerIron ADX s responsibilities. The failover from the unavailable ServerIron ADX to the standby device is transparent to users. In addition to the same Virtual IP address, both ServerIron ADX switches share a common MAC address known to the clients. Therefore, if a failover occurs, the clients still know the ServerIron ADX by the same MAC address. The active sessions running on clients continue and clients and routers do not need to re-arp (Address Resolution Protocol) for the ServerIron ADX MAC address. The configuration used for the ServerIron ADX in this deployment with the Microsoft Exchange Server ADX was active/hot standby, in which both ServerIron switches share the same VIP address and configuration (with the exception of the management IP address) but one ServerIron ADX is active and the other is in hot standby mode. NOTE: These tasks must be performed using the CLI. Deploying the Brocade ServerIron ADX with Microsoft Exchange Server of 27

15 Configuring the VIP and Binding the Real Servers to the VIP Using the GUI 1. In the Traffic Management section, click Virtual Server and click the Basic tab. Create the VIP interface. 2. In this screen also, from the Predictor drop-down menu, choose Round Robin and click Apply. 3. Click the Port tab to apply the port type used for this VIP interface. Deploying the Brocade ServerIron ADX with Microsoft Exchange Server of 27

16 4. To bind the VIP to the real servers, click the Bind tab and bind the associated real servers to their VIP. Configuring Round Robin Load Balancing Since the solution uses Source IP port persistence on the VIP(s) for which you re going to perform port persistence, the Round Robin predictor for VIP is automatically enabled. This default is used to evenly distribute hash assignments. After you enter the port <port> persist-hash command, the predictor roundrobin command automatically appears under the virtual server in the configuration file. Configuring SSL Profiles and Proxy Using the CLI In the full SSL proxy mode, the ServerIron ADX maintains encrypted data channels with the client and the server. This mode provides additional security with no SSL hardware acceleration cost to the server. SSL proxy provides visibility to application traffic for Layer 7 processing and security. Configuration of SSL proxy requires the network administrator for the ServerIron ADX to upload the CAS certificate that was issued from the Certificate Authority (CA) server and the CA server certificate. See the Brocade ServerIron ADX product documentation for instructions using the CLI. 1. Configure the SSL profiles for SSL proxy: ssl profile serverside ca-cert-file cert2 session-cache off ssl profile clientside keypair-file cas-export certificate-file cas-export cipher-suite all session-cache off 2. Configure the VIP to perform SSL proxy: server virtual caslb port ssl ssl-proxy clientside serverside Deploying the Brocade ServerIron ADX with Microsoft Exchange Server of 27

17 Configuring SSL Profiles and Proxy Using the GUI Uploading the SSL Certificate Once you receive an SSL certificate from the CA, upload it to the ServerIron ADX: 1. Click the SSL Switching link on the Security button. 2. Click the Certificates tab 3. Click the Certificate Upload to ServerIron down arrow. 4. Enter the following information: Certificate Format: Select PEM (the default) or PKCS12. Certificate File Name (Optional): Specify a name for the certificate if you wish to upload the certificate on the ServerIron ADX with a different name. If you leave this field blank, the certificate is uploaded with the same name. Chain CA Certificate: Click the check box if you want to chain (append) the certificate you are uploading to an existing certificate on the ServerIron ADX. Note that the "Select Server Certificate" title of the next field changes to "Select CA Certificate" when you click the check box. Select Server Certificate on ServerIron: Select the existing certificate on the ServerIron to which you want to chain this selected CA certificate. Select Server Certificate or Select CA Certificate: Select the server certificate or CA certificate from your local directory. 5. Click Upload. If the procedure is successful, the message "The operation was successful" appears at the top of the page and the certificate is listed in the Summary table. Deploying the Brocade ServerIron ADX with Microsoft Exchange Server of 27

18 Creating an SSL Profile To create an SSL profile, first make sure that an SSL key and SSL certificate have been created or uploaded to the ServerIron ADX. Then follow the steps below to define an SSL profile. 1. Click the SSL Switching link on the Security button.2, and click the SSL Profiles tab. 2. Select New from the drop-down list and provide the following information: SSL Profile Name: For example: ssl-profile-1 SSL Certificate: Select from the drop-down list. Certificate Chaining: Click Enable if the certificate in use is a chained certificate. 3. Click Apply to accept and create the SSL profile. Deploying the Brocade ServerIron ADX with Microsoft Exchange Server of 27

19 4. Additional options under the SSL profile must be applied, click the Advanced Options down arrow to display these options. Select CA Certificates: This selection is applicable if the ServerIron is configured in SSL proxy mode, in which it acts as an SSL client to a server-side SSL certificate 5. Click Update. Defining SSL Accelerated Service Before enabling SSL acceleration, make sure that the following have been created: Virtual Server Virtual Server Port SSL (TCP) Profile Deploying the Brocade ServerIron ADX with Microsoft Exchange Server of 27

20 1. Click the SSL Switching link on the Security button. 2. Click the SSL Services tab. 3. Provide the following information: Virtual Server: Select from the drop-down list. Virtual Server Port: Select from the drop-down list. SSL Mode: Select Proxy. Server Profile: Select the profile from the drop-down list. Client Profile: Since SSL proxy mode is used, select the profile from the drop-down list. 4. Click Apply to enable SSL acceleration for a service (VIP). Persistence: Configuring CSW Rules and Policy The Exchange Server 2010 traffic is forwarded by the client via SSL. SSL proxy must be used to convert the SSL traffic to HTTP. The CSW rules are then applied to the HTTP traffic, which is re-encrypted and forwarded to the CAS server. CSW Rule Behavior for LB-Inserted Cookie LB generates a cookie when a specific rule is matched. The cookie insertion is typically configured together with cookie switching. The ServerIron ADX performs cookie switching based on the cookie value of "ServerID" or as defined in the rules. Note that when the client is sending MAPI/RPC traffic toward the server, port 135 and a dynamic application port (here ) are used. In this case the traffic is forwarded based on the form of hashing used. Deploying the Brocade ServerIron ADX with Microsoft Exchange Server of 27

21 Figure 2 describes the workflow for inserting cookies. Figure 2. CSW rules for inserting cookies The following cases map to the flowchart in Figure 2. Case#1: Server ID exists If no rule is encountered, the ServerIron ADX takes the default action. It forwards the request to server group 1 and inserts a cookie with the name "ServerID," which expires in 60 minutes. If a server ID exists, extract the ID and check if a server with same ID is up. If the server than forward the packet request to the server. If the server is down than select a server based on layer 4 server load balancing, insert a cookie server ID in the response and forward it to the selected server. Configure CSW rules as follows: csw-rule "cookie1" header "cookie" pattern "SERVERID=" case-insensitive HTTP Header rule name: Header Pattern: Matches if the specified pattern exists anywhere within the specified HTTP header field Syntax: [no] csw-rule <rule-name> header <header-name> pattern <value> Configure CSW policy as follows: csw-policy "ex2010a" case-insensitive match "cookie1" persist offset 0 length 4 group-or-server-id default forward 1 default rewrite insert-cookie "ServerID" Deploying the Brocade ServerIron ADX with Microsoft Exchange Server of 27

22 Syntax: default rewrite insert-cookie [<cookie-name> [<domain> [<path> [<age>]]]] The <cookie-name> variable specifies the name of the cookie to be inserted. The <path> variable specifies the attribute path for the cookie to be inserted. If the <path> variable is not configured or it is configured to be "*", "/" is defined for the cookie path. The <domain> variable specifies the attribute domain for the cookie to be inserted. If the <domain> variable is not configured or it is configured to be "*", the default domain for the cookie inserted in the HTTP response will be the same as the one in the previous request. The <age> variable specifies how many minutes the browser takes to expire the cookie to be inserted. If the <age> variable is not configured, the cookie will be expired once the browser is closed. If the <age> variable is configured to be 0, the browser will age out the cookie immediately. NOTE: <cookie-name> is required; while <path>, <domain>, and <age> are optional. Case#2: Server ID doesn t exist When a new session is created, there is no server ID. When a server ID doesn t exist, inspect the packet for URL prefix OWA and ECP. Scenario 1: OWA and ECP URLs exist If these URL prefixes exist, then forward the packet to a server selected based on Layer 4 server load balancing (insert a cookie server ID in the response before forwarding to the selected server). Configure CSW rules as follows: csw-rule "ecp" url prefix "/ECP" case-insensitive csw-rule "owa" url prefix "/OWA" case-insensitive URL rule name: URL prefix: Matches if the URL string begins with the specified prefix. Syntax: [no] csw-rule <rule-name> url prefix <value> Configure CSW policy as follows: csw-policy "ex2010a" case-insensitive match "owa" forward 1 match "owa" rewrite insert-cookie "ServerID" match "ecp" forward 1 match "ecp" rewrite insert-cookie "ServerID" You can configure the ServerIron ADX to insert a cookie into an HTTP response when a specified rule is matched. When the rule is matched, a cookie is inserted in the response when any of the following occur: No cookie header is found in the HTTP request, or a cookie header exists but it does not contain the cookie specified by the port http server-id command. The specified cookie name is found in the HTTP request, but the cookie value is out of the range used for cookie switching. The cookie value must be between 1 and The specified cookie name is found in the HTTP request, but the real server or server group indicated by the cookie value is not available. Deploying the Brocade ServerIron ADX with Microsoft Exchange Server of 27

23 For example, the following command causes the ServerIron ADX to insert the cookie indicated by the port http Server-id command into the HTTP response when rule ecp is matched: ServerIronADX(config-csw-policy1)# match ecp rewrite insert-cookie Syntax: [no] match <rule-name> rewrite insert-cookie Scenario 2: OWA and ECP URLs don t exist If the URL OWA and ECP don t exist, then inspect the packet for the prefixes AUDI, EWS, OAB. If these URLs exist, forward the packet to a server selected based on URL hash mechanism used. (Remember that there are only two protocols that support cookie persistence: OWA and ECP.) For a given rule, you can configure a primary persist action and a secondary persist action. If the primary persist action does not return a valid persist string, or if the server indicated by the primary persist string is not available, the ServerIron ADX uses the secondary persist action to direct packets to a server. For EWS, the following commands configure a rule and policy that use the persist action: Configure CSW rules as follows: csw-rule "audi" url prefix "/AUTODISCOVER" case-insensitive csw-rule "ews" url prefix "/EWS" case-insensitive csw-rule "oab" url prefix "/OAB" case-insensitive Configure CSW policy as follows: csw-policy "ex2010a" case-insensitive match "audi" persist offset 0 length 0 match "ews" persist offset 0 length 0 match "oab" persist offset 0 length 0 Syntax: [no] match <rule-name> persist offset <offset> length <length> [[<persistmethod>] [secondary]] For example, the csw-rule command creates a rule that matches if an incoming packet contains EWS in the URL field. The csw-policy command creates a policy called ex2010a. The match ews persist command associates the rule with the persist action. As a result, if an incoming packet has EWS in the URL field, it is used as the persist string. The ServerIron ADX uses the persist string along with the default hashing-bucket persist method to calculate the real server to which to send the packet. The <offset> variable specifies the offset in bytes from the beginning of the content matched by the <rule-name> to be used as the persist string. If you specify 0 as the <offset>, the persist string begins at the start of the matched content. The <length> variable specifies the length in bytes of the persist string. If you specify 0 as the <length>, the persist string ends at the end of the matched content. If these URLs don t exist, a server is selected based on the predictor used (in this case Round Robin) and the packet is forwarded to it: server virtual caslb predictor round-robin Deploying the Brocade ServerIron ADX with Microsoft Exchange Server of 27

Load Balancing Exchange 2007 Client Access Servers using Windows Network Load- Balancing Technology In this article I will show you how you can load-balance Exchange 2007 Client Access Servers (CAS) using

POSITION PAPER Brocade One Data Center Cloud-Optimized Networks Brocade s vision, captured in the Brocade One strategy, is a smooth transition to a world where information and applications reside anywhere

Introduction to the EIS Guide The AirWatch Enterprise Integration Service (EIS) provides organizations the ability to securely integrate with back-end enterprise systems from either the AirWatch SaaS environment

DEPLOYMENT GUIDE CONFIGURING THE BIG-IP LTM SYSTEM WITH FIREPASS CONTROLLERS FOR LOAD BALANCING AND SSL OFFLOAD Configuring the BIG-IP LTM system for use with FirePass controllers Welcome to the Configuring

Microsoft Lync Server 2010 Scale to a Load Balanced Enterprise Edition Pool with WebMux Walkthrough Published: March. 2012 For the most up to date version of the Scale to a Load Balanced Enterprise Edition

Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Microsoft Forefront TMG Webserver Load Balancing Abstract In this article I will show you how

Citrix NetScaler 10 Essentials and Networking CNS205 Rev 04.13 5 days Description The objective of the Citrix NetScaler 10 Essentials and Networking course is to provide the foundational concepts and advanced

Brocade Network Advisor High Availability Using Microsoft Cluster Service This paper discusses how installing Brocade Network Advisor on a pair of Microsoft Cluster Service nodes provides automatic failover

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,

Introduction to Mobile Access Gateway Installation This document describes the installation process for the Mobile Access Gateway (MAG), which is an enterprise integration component that provides a secure

Installing and Configuring vcloud Connector vcloud Connector 2.7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

Score your ACE in Business and IT Efficiency Optimize your Data Center capabilities with Cisco s Application Control Engine (ACE) Agenda In this webinar, you will be given an insight into the following:

Deploying the BIG-IP System with Oracle E-Business Suite 11i Introducing the BIG-IP and Oracle 11i configuration Configuring the BIG-IP system for deployment with Oracle 11i Configuring the BIG-IP system

DEPLOYMENT GUIDE Version 1.2 Deploying the BIG-IP System v10 with Microsoft IIS 7.0 and 7.5 Table of Contents Table of Contents Deploying the BIG-IP system v10 with Microsoft IIS Prerequisites and configuration

Deploying the Barracuda Load Balancer with Office Communications Server 2007 R2 Organizations can use the Barracuda Load Balancer to enhance the scalability and availability of their Microsoft Office Communications

DEPLOYMENT GUIDE Version 1.2 Deploying the BIG-IP System v9.x with Microsoft IIS 7.0 and 7.5 Deploying F5 with Microsoft IIS 7.0 and 7.5 F5's BIG-IP system can increase the existing benefits of deploying

Configuration Guide BlackBerry Enterprise Service 12 Version 12.0 Published: 2014-12-19 SWD-20141219132902639 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12...